Hi, If you want to disable ClusterXL's interface check you have to add the IF name in /etc/fw/conf/discntd.if and do a cprestart. Then you get "Disconnected" for that IF in "cphaprob if".
For vlan-only IF's you have to add ALL vlan IF's ie eth0.10 eth0.11 and so on, otherwise it will continue on to the lowest vlan id on that IF that's not in the list. Regards, Erik Crist Clark wrote: >>>> On 9/12/2006 at 6:01 AM, "[EMAIL PROTECTED]" > <[EMAIL PROTECTED]> wrote: >> Hi, >> >> What you could try: >> >> 1) first get a list of all the devices that clusterXL monitors: >> >> cphaprob [-i[a]] [-e] list >> Purpose: View the list of critical devices on a cluster member and > of >> all the other machines in the cluster. >> >> 2) Then deactivate the monitoring of the two physical interfaces > that >> the active member has more than the member that is down: >> >> cphaprob -d <device> [-p] unregister >> Purpose: Unregister a user defined <device> as a critical process. >> This means that this device is no longer considered critical. >> >> 3) redo step 1 and make sure that the output is the same on both > members; > > I don't think you can use cphaprob to unregister individual > interfaces. At least, I can't seem to figure out how. If I > do, > > # cphaprob -d qfe6 unregister > > It says it gives a success message, but qfe6 still shows up in > all of the lists. If I tell it, > > # cphaprob -d bogusdevice unregister > > I also get a success message. I don't think "unregister" actually > checks that the device exists. > > In the cluster topology, I don't see a way to define a cluster > interface and have monitoring disabled. However, I put the two > "real" interfaces on the secondary that correspond to VLAN > interfaces on the primary into the secondary's > $FWDIR/conf/discntd.if file. This seems to work. After disabling > those, > > # cphaprob if > > qfe0 UP > qfe1 UP > qfe2 UP > qfe3 UP > qfe4 UP > qfe5 UP > qfe6 Disconnected > qfe7 Disconnected > qfe8 UP > qfe9 UP > > # cphaprob state > > Cluster Mode: New High Availability (Active Up) > > Number Unique Address Assigned Load State > > 1 10.20.216.109 0% standby > 2 (local) 10.20.216.110 100% active > > The primary is in standby. It's happy now. This does seem to > verify that this is the problem. > > Unfortunately, I would like to monitor those two interfaces. > Guess that I'll need to get new hardware to match up the "real" > and VLAN interfaces on both machines. > >> On 9/11/06, Crist Clark <[EMAIL PROTECTED]> wrote: >>> I have someone at a VAR telling me they don't see a reason >>> why this wouldn't work, but it doesn't seem to. I want to >>> see if anyone here can give me a more firm yes or no before >>> I pop for more hardware. >>> >>> I have a cluster with two nodes. The topology of both nodes >>> lines up alright, but ClusterXL insists the primary node >>> is always down even though all of the interfaces on both >>> are all "UP." >>> >>> Now I suspect the reason for this is that even though the >>> topologies match and everything is up, Check Point thinks >>> the secondary is better since it has more interfaces up. >>> The Primary has seven physical interfaces. Two of the >>> interfaces are VLAN interfaces. The Secondary has nine >>> physical interfaces. It has no VLAN interfaces. It's NICs >>> do not support VLANs, but I've got plenty of these old >>> cards. >>> >>> Anyone have a situation where cluster members have differing >>> numbers of physical interfaces, but ClusterXL works? Or >>> can anyone say for sure that they know this doesn't work? > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
